Merge pull request #537 from dropbox/jfein/remove-cert-pinning

Remove cert pinning from the SDK

Author: joshafeinberg

build.gradle

@@ -6,7 +6,6 @@ buildscript {
     }
 
     dependencies {
-        classpath files('gradle/dropbox-pem-converter-plugin')
         classpath(dropboxJavaSdkLibs.android.gradle.plugin)
         classpath(dropboxJavaSdkLibs.kotlin.gradle.plugin)
         classpath("com.dropbox.gradle.plugins:stone-java-gradle-plugin")

core/api/core.api

@@ -519,17 +519,6 @@ public final class com/dropbox/core/http/OkHttpRequestor$AsyncCallback : com/squ
 	public fun onResponse (Lcom/squareup/okhttp/Response;)V
 }
 
-public class com/dropbox/core/http/SSLConfig {
-	public fun <init> ()V
-	public static fun apply (Ljavax/net/ssl/HttpsURLConnection;)V
-	public static fun getSSLSocketFactory ()Ljavax/net/ssl/SSLSocketFactory;
-	public static fun getTrustManager ()Ljavax/net/ssl/X509TrustManager;
-}
-
-public final class com/dropbox/core/http/SSLConfig$LoadException : java/lang/Exception {
-	public fun <init> (Ljava/lang/String;Ljava/lang/Throwable;)V
-}
-
 public class com/dropbox/core/http/StandardHttpRequestor : com/dropbox/core/http/HttpRequestor {
 	public static final field INSTANCE Lcom/dropbox/core/http/StandardHttpRequestor;
 	public fun <init> (Lcom/dropbox/core/http/StandardHttpRequestor$Config;)V
@@ -553,6 +542,7 @@ public final class com/dropbox/core/http/StandardHttpRequestor$Config {
 	public fun getConnectTimeoutMillis ()J
 	public fun getProxy ()Ljava/net/Proxy;
 	public fun getReadTimeoutMillis ()J
+	public fun getSslSocketFactory ()Ljavax/net/ssl/SSLSocketFactory;
 }
 
 public final class com/dropbox/core/http/StandardHttpRequestor$Config$Builder {
@@ -562,6 +552,7 @@ public final class com/dropbox/core/http/StandardHttpRequestor$Config$Builder {
 	public fun withNoReadTimeout ()Lcom/dropbox/core/http/StandardHttpRequestor$Config$Builder;
 	public fun withProxy (Ljava/net/Proxy;)Lcom/dropbox/core/http/StandardHttpRequestor$Config$Builder;
 	public fun withReadTimeout (JLjava/util/concurrent/TimeUnit;)Lcom/dropbox/core/http/StandardHttpRequestor$Config$Builder;
+	public fun withSslSocketFactory (Ljavax/net/ssl/SSLSocketFactory;)Lcom/dropbox/core/http/StandardHttpRequestor$Config$Builder;
 }
 
 public class com/dropbox/core/json/JsonArrayReader : com/dropbox/core/json/JsonReader {

core/build.gradle

@@ -82,26 +82,6 @@ configurations {
     withoutOsgi.extendsFrom api
 }
 
-processResources { task ->
-    filesMatching('**/*.crt') { fcd ->
-        def inputstream = fcd.open()
-        def certDatas = com.dropbox.maven.pem_converter.PemLoader.load(
-                new InputStreamReader(inputstream, "UTF-8")
-        )
-        inputstream.close()
-
-        def crtPath = fcd.getPath()
-        def rawPath = crtPath.substring(0, crtPath.length() - 4) + ".raw"
-        def rawFile = new File(task.getDestinationDir(), rawPath);
-        rawFile.getParentFile().mkdirs();
-        def out = new DataOutputStream(new FileOutputStream(rawFile))
-        com.dropbox.maven.pem_converter.RawLoader.store(certDatas, out)
-        out.close()
-
-        fcd.exclude()
-    }
-}
-
 tasks.named("compileJava", JavaCompile) {
     options.compilerArgs << '-Xlint:all'
     options.warnings = true

core/src/main/java/com/dropbox/core/http/OkHttp3Requestor.java

@@ -42,9 +42,7 @@ public static OkHttpClient.Builder defaultOkHttpClientBuilder() {
         return new OkHttpClient.Builder()
             .connectTimeout(DEFAULT_CONNECT_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS)
             .readTimeout(DEFAULT_READ_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS)
-            .writeTimeout(DEFAULT_READ_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS)
-            // enables certificate pinning
-            .sslSocketFactory(SSLConfig.getSSLSocketFactory(), SSLConfig.getTrustManager());
+            .writeTimeout(DEFAULT_READ_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS);
     }
 
     private final OkHttpClient client;
@@ -68,17 +66,6 @@ public static OkHttpClient.Builder defaultOkHttpClientBuilder() {
      *     .build();
      * </pre>
      *
-     * <p>
-     * If you don't use {@link #defaultOkHttpClient()} or {@link #defaultOkHttpClientBuilder()},
-     * make sure to use Dropbox's hardened SSL settings from {@link SSLConfig}:
-     * </p>
-     *
-     * <pre>
-     * OkHttpClient client = OkHttpClient.Builder()
-     *     ...
-     *     .sslSocketFactory(SSLConfig.getSSLSocketFactory(), SSLConfig.getTrustManager())
-     *     .build();
-     * </pre>
      */
     public OkHttp3Requestor(OkHttpClient client) {
         if (client == null) throw new NullPointerException("client");

core/src/main/java/com/dropbox/core/http/OkHttpRequestor.java

@@ -40,8 +40,6 @@ public static OkHttpClient defaultOkHttpClient() {
         client.setConnectTimeout(DEFAULT_CONNECT_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS);
         client.setReadTimeout(DEFAULT_READ_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS);
         client.setWriteTimeout(DEFAULT_READ_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS);
-        // enables certificate pinning
-        client.setSslSocketFactory(SSLConfig.getSSLSocketFactory());
         return client;
     }
 
@@ -61,14 +59,6 @@ public static OkHttpClient defaultOkHttpClient() {
      * HttpRequestor requestor = new OkHttpRequestor(client);
      * </pre>
      *
-     * <p>
-     * If you don't use {@link #defaultOkHttpClient()}, make sure to use Dropbox's
-     * hardened SSL settings from {@link SSLConfig}:
-     * </p>
-     *
-     * <pre>
-     * client.setSslSocketFactory(SSLConfig.getSSLSocketFactory())
-     * </pre>
      */
     public OkHttpRequestor(OkHttpClient client) {
         if (client == null) throw new NullPointerException("client");